[SECURITY] [DLA 3549-1] ring security update

2023-08-2921:15:19

lists.debian.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.4%

JSON

Debian LTS Advisory DLA-3549-1 [email protected]
https://www.debian.org/lts/security/ Thorsten Alteholz
August 29, 2023 https://wiki.debian.org/LTS

Package : ring
Version : 20190215.1.f152c98~ds1-1+deb10u2
CVE ID : CVE-2021-37706 CVE-2021-43299 CVE-2021-43300
CVE-2021-43301 CVE-2021-43302 CVE-2021-43303
CVE-2021-43804 CVE-2021-43845 CVE-2022-21722
CVE-2022-21723 CVE-2022-23537 CVE-2022-23547
CVE-2022-23608 CVE-2022-24754 CVE-2022-24763
CVE-2022-24764 CVE-2022-24793 CVE-2022-31031
CVE-2022-39244 CVE-2023-27585

Several issue have been found in ring/jami, a secure and distributed
voice, video and chat platform.
The issues are about missing boundary checks, resulting in out-of-bound
read access, buffer overflow or denial-of-service.

For Debian 10 buster, these problems have been fixed in version
20190215.1.f152c98~ds1-1+deb10u2.

We recommend that you upgrade your ring/jami packages.

For the detailed security status of ring please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ring

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian11arm64asterisk-voicemail-odbcstorage-dbgsym< 1:16.28.0~dfsg-0+deb11u1asterisk-voicemail-odbcstorage-dbgsym_1:16.28.0~dfsg-0+deb11u1_arm64.deb
Debian10armhfasterisk-voicemail-imapstorage< 1:16.28.0~dfsg-0+deb10u1asterisk-voicemail-imapstorage_1:16.28.0~dfsg-0+deb10u1_armhf.deb
Debian9armellibpjsip2< 2.5.5~dfsg-6+deb9u3libpjsip2_2.5.5~dfsg-6+deb9u3_armel.deb
Debian9amd64libpjsua2< 2.5.5~dfsg-6+deb9u3libpjsua2_2.5.5~dfsg-6+deb9u3_amd64.deb
Debian11s390xasterisk-modules-dbgsym< 1:16.28.0~dfsg-0+deb11u1asterisk-modules-dbgsym_1:16.28.0~dfsg-0+deb11u1_s390x.deb
Debian9i386libpjmedia2< 2.5.5~dfsg-6+deb9u3libpjmedia2_2.5.5~dfsg-6+deb9u3_i386.deb
Debian11armelasterisk-vpb-dbgsym< 1:16.28.0~dfsg-0+deb11u1asterisk-vpb-dbgsym_1:16.28.0~dfsg-0+deb11u1_armel.deb
Debian9amd64libpjsip2< 2.5.5~dfsg-6+deb9u3libpjsip2_2.5.5~dfsg-6+deb9u3_amd64.deb
Debian11arm64asterisk-modules< 1:16.28.0~dfsg-0+deb11u1asterisk-modules_1:16.28.0~dfsg-0+deb11u1_arm64.deb
Debian11i386asterisk-mp3-dbgsym< 1:16.28.0~dfsg-0+deb11u1asterisk-mp3-dbgsym_1:16.28.0~dfsg-0+deb11u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	arm64	asterisk-voicemail-odbcstorage-dbgsym	< 1:16.28.0~dfsg-0+deb11u1	asterisk-voicemail-odbcstorage-dbgsym_1:16.28.0~dfsg-0+deb11u1_arm64.deb
Debian	10	armhf	asterisk-voicemail-imapstorage	< 1:16.28.0~dfsg-0+deb10u1	asterisk-voicemail-imapstorage_1:16.28.0~dfsg-0+deb10u1_armhf.deb
Debian	9	armel	libpjsip2	< 2.5.5~dfsg-6+deb9u3	libpjsip2_2.5.5~dfsg-6+deb9u3_armel.deb
Debian	9	amd64	libpjsua2	< 2.5.5~dfsg-6+deb9u3	libpjsua2_2.5.5~dfsg-6+deb9u3_amd64.deb
Debian	11	s390x	asterisk-modules-dbgsym	< 1:16.28.0~dfsg-0+deb11u1	asterisk-modules-dbgsym_1:16.28.0~dfsg-0+deb11u1_s390x.deb
Debian	9	i386	libpjmedia2	< 2.5.5~dfsg-6+deb9u3	libpjmedia2_2.5.5~dfsg-6+deb9u3_i386.deb
Debian	11	armel	asterisk-vpb-dbgsym	< 1:16.28.0~dfsg-0+deb11u1	asterisk-vpb-dbgsym_1:16.28.0~dfsg-0+deb11u1_armel.deb
Debian	9	amd64	libpjsip2	< 2.5.5~dfsg-6+deb9u3	libpjsip2_2.5.5~dfsg-6+deb9u3_amd64.deb
Debian	11	arm64	asterisk-modules	< 1:16.28.0~dfsg-0+deb11u1	asterisk-modules_1:16.28.0~dfsg-0+deb11u1_arm64.deb
Debian	11	i386	asterisk-mp3-dbgsym	< 1:16.28.0~dfsg-0+deb11u1	asterisk-mp3-dbgsym_1:16.28.0~dfsg-0+deb11u1_i386.deb